Having just completed another Making Money with SecurityTM workshop out in Fort Collins Colorado here are some learning points worth noting:
- Focus on the assets, find the asset owner. Selling security is never about product.
- IT people are not liable for the protection of assets – as long as they carry out their job and avoid policy violations, they have little to lose. Sell to the asset owner – those responsible for the business.
- Compliance officers and audit personnel are not asset owners. CSOs don’t normally create or control large budgets. Treat them as influencers.
- Aside from Government contracts, avoid all RFPs. Companies generally choose the winner long before sending these projects out for bid.
- Security sales start with a measurement of risk and end with some form on ongoing risk mitigation, such as Managed Security Service Provider (MSSP) offerings.
- Delivering price proposals to influencers means handing control of the deal over to the client. From there it becomes a waiting game.
- Asking questions: When you ask executives to answer questions that could be answered by IT, you get an immediate demotion back to IT. Make sure you plan your questions before meeting with key stakeholders.